Issue | sudo su - | ansible

Is it possible to run "sudo su -" in Ansible with a non-root user?

- name: test
  hosts: example.com
  gather_facts: false
  any_errors_fatal: true
  become: true
  become_exe: "sudo su - "
  become_method: su
  remote_user: test_user
  tasks:
    - name: check the user after sudo
      shell: whoami
      register: whoami

    - debug:
        msg: "{{ whoami }}"

Regards,
Jatinder Jawanda

Hi,

this is supported with the community.general.sudosu become plugin:
https://docs.ansible.com/ansible/latest/collections/community/general/sudosu_become.html

Cheers,
Felix

Hey Felix,

I was looking at this documentation and am not sure how to use it.
Could you share working code? I tried the command below with this plugin, but I was not able to make it run.
ansible example.com -i inventory/example -m shell -a "whoami" -e "ansible_ssh_pass=test@123" -e "ansible_sudo_pass=test@123" -u test_user -b -e "ansible_become_method=sudosu" -e -e "ansible_become_exe=sudo su -"

In sudoers I have the following:
test_user ALL=(root) /bin/su -

Regards,
Jatinder Jawanda

Hi Jatinder,

have you tried `ansible_become_method=community.general.sudosu` instead
of `ansible_become_method=sudosu`? The latter will definitely not work,
since `sudosu` is not that old that it still has a short name.

(Besides that, I haven't used it, so I unfortunately cannot share
working code.)

Cheers,
Felix

Nope, it's not working!!

ansible example.com -i inventory/example -m shell -a "whoami" -e "ansible_ssh_pass=test@123" -e "ansible_sudo_pass=test@123" -u test_user -b -e "ansible_become_method=community.general.sudosu"
FAILED! => {
    "changed": false,
    "module_stderr": "Shared connection to example.com closed.\r\n",
    "module_stdout": "\r\n",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

Regards,
Jatinder Jawanda

Hi Jatinder,

it would be interesting to see more debug output. Have you tried
running ansible additionally with `-vvv`?

Best,
Felix

Here are the debug logs.
ansible localhost -m ping -u test_user --become -e "ansible_ssh_pass=test@123" -e "ansible_sudo_pass=test@123" -e "ansible_become_method=community.general.sudosu" -vvvv

META: ran handlers
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: test_user
<127.0.0.1> EXEC /bin/sh -c 'echo ~test_user && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /home/test_user/.ansible/tmp"&& mkdir /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164 && echo ansible-tmp-1622910467.15-29606-264197614406164="echo /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164" ) && sleep 0'
Using module file /opt/dma/.venv_ansible/lib/python2.7/site-packages/ansible/modules/system/ping.py
<127.0.0.1> PUT /home/test_user/.ansible/tmp/ansible-local-29579YwKbAR/tmpfCP59y TO /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/AnsiballZ_ping.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/ /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/AnsiballZ_ping.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'sudo -H -S -p "[sudo via ansible, key=gouhehrxcdmgfhcjdbeadtdpeciznpks] password:" su -l root /bin/sh -c '"'"'echo BECOME-SUCCESS-gouhehrxcdmgfhcjdbeadtdpeciznpks ; /opt/dma/.venv_ansible/bin/python /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/AnsiballZ_ping.py'"'"' && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/test_user/.ansible/tmp/ansible-tmp-1622910467.15-29606-264197614406164/ > /dev/null 2>&1 && sleep 0'
localhost | FAILED! => {
    "changed": false,
    "module_stderr": "",
    "module_stdout": "",
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
    "rc": 1
}

Regards,
Jatinder Jawanda

Furthermore, if I make a change in sudoers like below, then --become-method=sudo also starts working.

Before:
test_user ALL=(root) /bin/su -

After:
test_user ALL=(root) /bin/su

Regards,
Jatinder Jawanda
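
Added example, not part of any message in this thread: a simplified Python model of how sudoers matches a command entry's arguments, applied to the `su -l root /bin/sh -c ...` invocation visible in the `-vvvv` log and to the two sudoers entries quoted above. The function names, the abbreviated argv, the assumption that `su` resolves to `/bin/su`, and the third (wildcard) rule are illustrative assumptions.

```python
import fnmatch

def sudoers_allows(cmnd_spec, argv):
    """Simplified model of sudoers Cmnd matching for one fully qualified command.

    'path'          -> the command may be run with any arguments
    'path ""'       -> the command may only be run with no arguments
    'path args...'  -> the arguments must match exactly (shell-style wildcards allowed)
    """
    path, _, spec_args = cmnd_spec.strip().partition(" ")
    spec_args = spec_args.strip()
    if argv[0] != path:
        return False
    given = " ".join(argv[1:])
    if spec_args == "":
        return True
    if spec_args == '""':
        return given == ""
    return fnmatch.fnmatchcase(given, spec_args)

# Constructed, abbreviated form of the command in the -vvvv log; assumes sudo
# resolves "su" to /bin/su. The key and module path are shortened placeholders.
SUDOSU_ARGV = ["/bin/su", "-l", "root", "/bin/sh", "-c",
               "echo BECOME-SUCCESS-KEY ; python AnsiballZ_ping.py"]

RULES = [
    "/bin/su -",          # "Before" entry from the thread
    "/bin/su",            # "After" entry from the thread
    "/bin/su -l root *",  # hypothetical narrower entry, not from the thread
]

def evaluate(rules, argv):
    """Return {rule: allowed?} for one argv against several sudoers entries."""
    return {rule: sudoers_allows(rule, argv) for rule in rules}

if __name__ == "__main__":
    for rule, ok in evaluate(RULES, SUDOSU_ARGV).items():
        print(f"{rule:<20} {'allowed' if ok else 'denied'}")
```

A bare `/bin/su` entry permits every argument list, which is broader than the logged invocation needs.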